CVE-2024-41055

CVSS v3.1 5.5 (Medium)

EPSS 0.04 % (5^th)

Affected Products 1

Advisories 4

NVD Status Analyzed

In the Linux kernel, the following vulnerability has been resolved:

mm: prevent derefencing NULL ptr in pfn_section_valid()

Commit 5ec8e8ea8b77 ("mm/sparsemem: fix race in accessing
memory_section->usage") changed pfn_section_valid() to add a READ_ONCE()
call around "ms->usage" to fix a race with section_deactivate() where
ms->usage can be cleared. The READ_ONCE() call, by itself, is not enough
to prevent NULL pointer dereference. We need to check its value before
dereferencing it.

Weaknesses

CWE-476: NULL Pointer Dereference

CVE Status: PUBLISHED
NVD Status: Analyzed
CNA: kernel.org
Published Date: 2024-07-29 15:15:13
(7 weeks ago)
Updated Date: 2024-08-22 14:11:00
(3 weeks ago)

Affected Products

Linux

Linux Kernel

Configuration #1

	CPE23	From	Up To
Linux Kernel from 5.10.219 version and prior 5.10.222 version	cpe:2.3:o:linux:linux_kernel	>= 5.10.219	< 5.10.222
Linux Kernel from 5.15.149 version and prior 5.15.163 version	cpe:2.3:o:linux:linux_kernel	>= 5.15.149	< 5.15.163
Linux Kernel from 6.1.76 version and prior 6.1.100 version	cpe:2.3:o:linux:linux_kernel	>= 6.1.76	< 6.1.100
Linux Kernel from 6.6.15 version and prior 6.6.41 version	cpe:2.3:o:linux:linux_kernel	>= 6.6.15	< 6.6.41
Linux Kernel from 6.8 version and prior 6.9.10 version	cpe:2.3:o:linux:linux_kernel	>= 6.8	< 6.9.10